There are two options, one is that you pay for labs and/or training, e.g. Hacking Dojo, Offensive Security, MDSec (labs only) etc., while the other is that you set up your own lab ( http://www.securityaegis.com/pentest-la ... n-edition/ , there are plenty of resources on how to build your own lab, get a VMware ESXi server on an okay machine that hosts your lab, unless you host it with e.g. VMware Player or Workstation.), and use free resources such as security tube, forums, research / whitepapers, etc. (Plenty of papers on exploit-db, plenty of videos on security tube, and so on.)It's all about asking the right question, when you search for knowledge on Google.